Upwind Brings Real-World Precision to Cloud Security with Exposure Validation Engine

In an era when cloud misconfigurations can expose terabytes of sensitive data in seconds, Upwind is betting that the future of cloud security will be defined by verification, not speculation. The next-generation cloud security company today unveiled its Exposure Validation Engine, a dynamic layer that brings real-time, attacker-style validation into the heart of Cloud Security Posture Management (CSPM).

The launch underscores Upwind’s growing dominance in the runtime security movement—and comes just as the company secures a spot on the 2026 Fortune × Lightspeed Cyber 60, a list spotlighting the most promising venture-backed cybersecurity innovators.

From Reactive to Verified

For years, CSPM tools have helped enterprises detect risky configurations—but at the cost of drowning security teams in false positives. Upwind’s new engine takes a fundamentally different approach, validating each potential exposure in real time by simulating how an attacker would actually exploit it.

“Cloud security teams are tasked to do the impossible, to protect digital assets in ever changing cloud environment,” said Amiram Shachar, CEO and Co-founder of Upwind. “Our job is to simplify the work of cloud security leaders with more clarity, evidence-backed findings and precision.”

By blending configuration analysis with live reachability tests across internet paths, Upwind’s AI-driven engine confirms whether a given asset is truly exposed or safely isolated. During its first two weeks in the field, the system uncovered tens of terabytes of live, exposed data—from AI model weights to unprotected disks—across major global enterprises. Many of these exposures had slipped past traditional posture tools entirely.

Cutting the Noise, Boosting Confidence

Upwind’s validation-driven architecture claims to cut false positives by up to 90%, converting noisy configuration data into verified, evidence-based intelligence. Each confirmed exposure comes with reproducible command steps and full audit trails, letting teams remediate issues without second-guessing their tools.

“Upwind is not just a security tool — it’s a platform that makes our engineering, security, and audit teams faster and more effective,” said Aman Sirohi, SVP and Chief Security Officer at People.AI.

For high-volume, multi-cloud enterprises, the implications are significant: security teams can prioritize what truly matters, engineering teams can validate and fix issues faster, and compliance officers gain transparent proof of control effectiveness—no guesswork required.

The Runtime-First Standard

The Exposure Validation Engine also marks another milestone in Upwind’s push for runtime-first security, where protection extends beyond static analysis to include live, contextual validation. By integrating runtime telemetry directly into CSPM, Upwind positions itself as the first vendor to deliver real-time, evidence-backed posture management.

The company’s growth trajectory reflects how rapidly the market is embracing this shift. With over 200 enterprise customers—including Peloton, Bill, Fiverr, and Agoda—Upwind has logged a staggering 4,000% revenue increase between 2024 and 2025.

Backed by Proven Visionaries

Founded in 2022 by Shachar and his former Spot.io co-founders (acquired by NetApp for $450 million), Upwind has raised $180 million from investors including Greylock, Cyberstarts, Leaders Fund, Craft Ventures, Cerca Partners, and NBA star Omri Casspi’s Sheva fund.

Already recognized by Gartner, Forrester, and multiple industry reports for its cloud-native protection model, Upwind’s runtime-first framework is quickly becoming the benchmark for modern cloud defense.

In a world where theoretical risk assessments no longer cut it, Upwind’s Exposure Validation Engine brings the one thing security teams have been missing: evidence.